Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Is automatic Windows Authentication posible with ASA?

Replaced a 10 year old failing system with an ASA5510(asdm5.2, asa52) and and IAS server. The users do NOT want to see the authentication window, nor do anything on it. That was not needed with the old system and its client software.

To keep my job I have had to increase the ASA timeout value more then I feel comfortable with.

Is is possible to configure either the IAS server (or ASA) to use the Windows credentials? Then I can set the timeout values to something much more secure.

3 REPLIES
Bronze

Re: Is automatic Windows Authentication posible with ASA?

Yup that is no problem. Have look at following doc, it explains how to config the ASA to talk to the IAS.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

Community Member

Re: Is automatic Windows Authentication posible with ASA?

Allow me to clairify. I am looking for a way for the users NOT to be prompted for username and password.

I am currently using the ASA and IAS to get to the internet to post this message. So the prombem is not how to get IAS to work, but how to do authentication without user input of username and password. My users would like such authentication info to come automatically from the computer they are logged in on.

Bronze

Re: Is automatic Windows Authentication posible with ASA?

Actually i haven't been able to test the passing of the credentials from windows to the VPN client but if you have a look at the VPN Client Administration Guide you can see following options for the *.pcf (profile) file.

MSLogonType=0 (pass the windows credentials)

Reference: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_administration_guide_chapter09186a00800bd98d.html#wp1157859

In case you have set this flag to 0 i stumbled across another parameter. It's seems to be only for NT Domains but maybe it hast to be set anyway.

NTDomain=

Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_administration_guide_chapter09186a00800bd98d.html#wp1157819

Hope it helps

Roble

138
Views
0
Helpful
3
Replies
CreatePlease to create content